> > About the Referer header, from what I read the header is not sent only > if "an unsecured HTTP request is used and the referring page was > received with a secure protocol (HTTPS)" [1] That should be rare since > the search engines now redirect to HTTPS right away and people would be > entering their search terms in a form submitted over HTTPS. > > A spot check of a few browsers shows the Refer header in use for these > at least when using HTTPS: > > Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 > Firefox/56.0 > Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 > Firefox/52.0 > Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, > like Gecko) QupZilla/1.8.9 Safari/538.1 > Mozilla/5.0 (X11; CrOS x86_64 9765.85.0) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/61.0.3163.123 Safari/537.36 > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 > Safari/537.36 > Lynx/2.8.9dev.11 libwww-FM/2.14 SSL-MM/1.4.1 GNUTLS/3.5.6 > > The Referrer Policy is in the draft stage [2] and might or might not > affect source web sites in the future, but if it does it looks like it > is a very long way from becoming widely deployed, years if ever. So it > is unlikely to be a factor in Q1 2018 or Q2 2018 > > [2] https://w3c.github.io/webappsec-referrer-policy/# > referrer-policy-origin
The referrer policy is already in use at Google, which is why we don't see users' search queries in referer field in our request logs; just that they came from Google. - Mikhail
_______________________________________________ Analytics mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/analytics
